Tag: Hacking

Latitude Financial Admits Breach Impacted Millions
28Mar By RBNo Comments
News

Latitude Financial Admits Breach Impacted Millions

According to Latitude Financial, a cyber-attack that was previously reported this month led to the theft of over 14 million customer records, including highly sensitive personal data. The Melbourne-headquartered consumer lender claimed in a statement today that hackers took 7.9 million Australian and New Zealand driver’s licence numbers, 40% of which were supplied to the firm in the past 10 years. 94% of the 6.1 million additional records that were stolen, which dated back to 2005, were given before 2013. Many of these will still be valid, though, as they include personal information like name, address, phone number, and birthdate. A total of 53,000 passport numbers as well as the financial records of "fewer than 100 consumers" were stolen read more Latitude Financial Admits Brea...
Read More
SharePoint Phishing Scam Targets 1600 Across US and Europe
24Mar By RBNo Comments
News

SharePoint Phishing Scam Targets 1600 Across US and Europe

At least 1600 people in Europe, the US, and other nations have been the subject of a novel phishing scam that relies on reliable servers from Microsoft's collaborative platform SharePoint. It uses a native notification mechanism. In a new advisory released earlier today, Kaspersky security experts detailed the discoveries and added that cybercriminals have used the scam to obtain the login information for a number of email accounts, including Yahoo!, AOL, Outlook, Office 365, and others. The employee gets the typical message that someone is sharing a file read more SharePoint Phishing Scam Targets 1600 Across US and Europe. Stay up-to-date with the latest cybersecurity news and increase your cybersecurity awareness through ReconBee.com‘s in-depth coverage of the newest threats, b...
Read More
Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts
24Mar By RBNo Comments
News

Malicious ChatGPT Chrome Extension Hijacks Facebook Accounts

Security researchers have issued another alert regarding a security problem that is spreading thanks to public interest in ChatGPT and is posing as a Chrome extension this time. Using a legal open source "ChatGPT for Google" extension as a base, threat actors allegedly injected malicious code intended to harvest Facebook session cookies, according to a blog post by Guardio. Malicious sponsored search engine results then led users to the extension.To test the new algorithm, you search for "Chat GPT 4," a...
Read More
General Bytes Bitcoin ATMs Hacked to Steal Funds
22Mar By RBNo Comments
News

General Bytes Bitcoin ATMs Hacked to Steal Funds

Following the discovery that hackers stole money over the weekend by taking advantage of a zero-day vulnerability in its software, a major supplier of Bitcoin ATMs is advising customers to update their systems right away. The flaw was discovered in the master service interface used by Bitcoin ATMs to upload films to the server, according to a General Bytes notice. The General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean (our recommended cloud hosting provide...
Read More
US Government IIS Server Breached via Telerik Software Flaw
17Mar By RBNo Comments
News

US Government IIS Server Breached via Telerik Software Flaw

The Progress Telerik user interface (UI) for ASP.NET AJAX contains a.NET deserialization vulnerability (CVE-2019-18935), according to information released by the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability also affected the Microsoft Internet Information Services (IIS) web server of a federal civilian executive branch (FCEB) agency between November 2022 and January 2023, according to a report released by CISA on Wednesday. If successfully exploited, the flaw permits remote code execution read more US Government IIS Server Breached via Telerik Software Flaw. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
Read More
Tick APT Group Hacked East Asian DLP Software Firm
16Mar By RBNo Comments
News

Tick APT Group Hacked East Asian DLP Software Firm

The advanced persistent threat (APT) group Tick has been blamed for a new malware campaign that targets an East Asian company that creates data-loss prevention (DLP) software for governmental and military organizations. The threat actor broke into the DLP company's internal update servers, according to an advisory released by ESET on Tuesday, to spread malware across its network. The company's use of genuine tool installers that had been tampered with led to the execution of malware on the PCs of two of its clients read more Tick APT Group Hacked East Asian DLP Software Firm. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.
Read More
Security giant Rubrik says hackers used Fortra zero-day to steal internal data
15Mar By RBNo Comments
News

Security giant Rubrik says hackers used Fortra zero-day to steal internal data

The Fortra GoAnywhere zero-day vulnerability, which has been connected to hacks against a hospital network and a bank, has claimed its newest victim: Silicon Valley-based data security business Rubrik. Michael Mestrovich, chief information security officer at Rubrik, claimed that the vulnerability in Fortra's GoAnywhere file-transfer programme, which the company employs for internal data exchange, allowed attackers access to the non-production IT testing environments used by the company. Known as CVE-2023-0669, this vulnerability originally came to light on February 2 read more Security giant Rubrik says hackers used Fortra zero-day to steal internal data. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the ...
Read More
8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server
10Mar By RBNo Comments
Risk, Security

8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server

A new payload that targets a vulnerable Oracle Weblogic Server in a specific Universal Resource Identifier has been linked to the threat actor known as "8220 Gang" (URI). The extraction of ScrubCrypt, a type of malware created to obfuscate and encrypt software with the objective of evading detection by security solutions, is what distinguishes the payload, according to Fortinet security researchers who researched it. In the advisory published on Wednesday, senior antivirus analyst Cara Lin from Fortinet stated, "We examined the malware introduced into a victim's machine and, as part of our examination read more 8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our compreh...
Read More
Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw
9Mar By RBNo Comments
Reputation, Resources, Risk, Security

Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw

Lazarus Group, a North Korean threat actor, was observed twice in the past year using holes in undisclosed software to access a South Korean finance company. The information was released by security experts at Asec, who on Tuesday published an advisory about the attacks. The first attack was noted by the corporation in May 2022, while the second one happened in October of that same year. According to reports, the same zero-day vulnerability was used by both operations. The impacted company "was employing a vulnerable version of a certificate application that was commonly used by public institutions and universities during the infiltration read more Lazarus Group Targets South Korean Finance Firm Via Zero-Day Flaw. Stay informed with the best cybersecurity news and raise your cybe...
Read More
Major Phishing Campaign Targets Trezor Crypto Wallets
3Mar By RBNo Comments
Resources, Risk, Security

Major Phishing Campaign Targets Trezor Crypto Wallets

An ongoing multi-channel phishing attempt aimed at tricking users into allowing access to their wallets has been acknowledged by cryptocurrency hardware company Trezor. In a tweet, the company issued a warning: "The attackers contact the victims by phone call, SMS, and/or email to suggest that there has been a security breach or suspicious activity on their Trezor account. "We did not discover any proof of a recent database intrusion. You won't ever get calls or SMS messages from us. Hardware-based wallets are offered by Trezor allowing consumers to store their cryptocurrencies read more Major Phishing Campaign Targets Trezor Crypto Wallets. Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threa...
Read More
Follow Us on Twitter
Join our community on LinkedIn